openid-client - npm Package Compare versions

Comparing version 3.1.2 to 3.2.0

CHANGELOG.md

@@ -5,2 +5,11 @@ # Change Log
 
+# [3.2.0](https://github.com/panva/node-openid-client/compare/v3.1.2...v3.2.0) (2019-06-27)
+
+
+### Features
+
+* feat: added support for direct symmetric key encryption alg (dir) ([f1b4282](https://github.com/panva/node-openid-client/commit/f1b4282))
+
+
+
 ## [3.1.2](https://github.com/panva/node-openid-client/compare/v3.1.1...v3.1.2) (2019-06-21)
@@ -7,0 +16,0 @@

lib/client.js

@@ -605,6 +605,6 @@ const { inspect } = require('util');
 
-    if (expectedAlg.match(/^(RSA|ECDH)/)) {
+    if (expectedAlg.match(/^(?:RSA|ECDH)/)) {
       keyOrStore = instance(this).get('keystore');
     } else {
-      keyOrStore = await this.joseSecret(expectedAlg);
+      keyOrStore = await this.joseSecret(expectedAlg === 'dir' ? expectedEnc : expectedAlg);
     }
@@ -1015,6 +1015,10 @@
   async joseSecret(alg) {
-    if (String(alg).match(/^A(\d{3})(?:GCM)?KW$/)) {
+    if (/^A(\d{3})(?:GCM)?KW$/.test(alg)) {
       return this.derivedKey(parseInt(RegExp.$1, 10));
     }
 
+    if (/^A(\d{3})(?:GCM|CBC-HS(\d{3}))$/.test(alg)) {
+      return this.derivedKey(parseInt(RegExp.$2 || RegExp.$1, 10));
+    }
+
     if (instance(this).has('jose_secret')) {
@@ -1314,3 +1318,3 @@ return instance(this).get('jose_secret');
     } else {
-      key = await this.joseSecret(fields.alg);
+      key = await this.joseSecret(fields.alg === 'dir' ? fields.enc : fields.alg);
     }
@@ -1317,0 +1321,0 @@

package.json

 {
   "name": "openid-client",
-  "version": "3.1.2",
+  "version": "3.2.0",
   "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs",
@@ -5,0 +5,0 @@ "keywords": [

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

106026

increased by0.42%

Lines of code

2012

increased by0.15%

No dependency changes